# Archive

Browse past daily curated stories

Thursday, April 09, 2026

  1. Dark Reading general
    Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers

    Russia's APT28 (Forest Blizzard) is conducting espionage by compromising vulnerable SOHO routers and modifying DNS settings to intercept credentials without deploying traditional malware. The campaign demonstrates a 'malwareless' approach to cyber espionage, allowing the group to spy on global organizations through simple router configuration changes.

  2. SecurityWeek general
    US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking

    U.S. authorities disrupted APT28's operation exploiting vulnerable TP-Link and MikroTik routers across 120 countries to conduct adversary-in-the-middle attacks for credential theft. The Russian military hackers modified router DNS settings to hijack traffic and steal Microsoft 365 logins, demonstrating how end-of-life consumer devices become strategic intelligence assets.

  3. SecurityWeek general
    Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks

    Iranian hackers are actively targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers across U.S. critical infrastructure including energy and water sectors. The attacks have caused operational disruptions, file manipulation, and financial losses since the onset of U.S.-Israel strikes against Iran, marking an escalation in OT-focused warfare.

  4. SecurityWeek general
    FBI: Cybercrime Losses Neared $21 Billion in 2025

    FBI received over 1 million cybercrime complaints in 2025 with losses reaching $20.9 billion, representing a 26% increase from the previous year. Investment fraud, business email compromise, and tech support scams caused the highest financial damages, highlighting the evolving landscape of financially motivated cybercrime.

  5. BleepingComputer general
    13-year-old bug in ActiveMQ lets hackers remotely execute commands

    A 13-year-old remote code execution vulnerability in Apache ActiveMQ Classic allows attackers to execute arbitrary commands on affected systems. The bug remained undetected since 2011 and requires authentication for exploitation, though researchers note another flaw exposes the Jolokia API without authentication.

  6. SecurityWeek general
    Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks

    Anthropic unveiled Claude Mythos as part of Project Glasswing, an AI model specifically designed for cybersecurity that has reportedly identified thousands of zero-day vulnerabilities across major systems. The initiative aims to secure critical software before similar AI-powered offensive capabilities become available to attackers.

  7. Schneier on Security threat-intel
    Python Supply-Chain Compromise

    A malicious supply chain compromise affected Python Package Index package litellm version 1.82.8, which contained a malicious .pth file that executes automatically on every Python interpreter startup. The attack demonstrates how package managers can be weaponized to achieve persistent code execution without requiring explicit imports.

  8. BleepingComputer general
    CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

    CISA ordered federal agencies to patch a critical Ivanti Endpoint Manager Mobile (EPMM) vulnerability by Sunday that has been actively exploited since January. The directive gives agencies just four days to secure their systems against this critical-severity flaw affecting mobile device management infrastructure.

  9. The Hacker News general
    N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

    North Korean hackers expanded the Contagious Interview campaign by publishing 1,700 malicious packages across npm, PyPI, Go, Rust, and PHP ecosystems. The packages impersonate legitimate developer tools while functioning as malware loaders, representing a coordinated supply chain attack targeting multiple programming environments.

  10. BleepingComputer general
    Hackers use pixel-large SVG trick to hide credit card stealer

    A massive campaign targeting nearly 100 Magento e-commerce stores hides credit card-stealing code inside pixel-sized SVG images. The technique allows attackers to inject payment skimmers that are virtually invisible to visual inspection while maintaining full functionality for harvesting customer payment data.